Computing resource providers often host computing resources, such as servers, data storage devices, and networking devices as a service to their customers. Customers can operate some of their computing infrastructure using hardware of the computing resource providers, thereby reducing the amount of upfront investment needed for the infrastructure and often resulting in an overall lower cost to the customer. Customers are often able to configure and reconfigure their infrastructure remotely and programmatically in order to best suit their needs.
In many cases, customers transmit requests to create instances, such as virtual computing instances to execute on physical computing systems in the computing resource service provider computing environment. In many of these computing environments, it is good practice to periodically reboot computing systems and/or restore them to an initial, known-good state. Otherwise, the longer a computing system has been running, the more likely the computer system will end up in a state that has not been sufficiently tested, if at all, will have been changed to a nonstandard configuration, or will be compromised by an installation of unauthorized executable code. For virtual computing instances, frequent restarts and re-instantiations from known-good software images can help prevent malicious attackers from compromising the virtual computing instances. However, restarting and re-initializing computing systems and virtual computing instances has the unfortunate side effect of eliminating evidence of attacks and sources of other issues that may have arisen with the system state.